How to pick a strong password and protect your privacy

Modern society conducts the vast majority of its business and social interaction online. We check our news at CNN.com, shop for movies at Amazon and connect with old friends on Facebook. We access our bank accounts and our medical information online too.

Despite the amount of time we spend online, however, few of us think much about our first line of defense against cyber criminals: our passwords. Know how to pick a strong password and protect your privacy.

Decent, hard-working men and women around the world have their valuable personal information stolen or compromised every day because of weak passwords. The following nifty nine tips will help ensure that you don’t become one of them.

1. Number no-no’s

Using numbers in your password is good. Using only numbers in your password is bad (especially if those numbers are 123456). If you think it’s unlikely that someone would actually use 123456 as a password, think again. In a recent international phishing attack, more than 10,000 Hotmail email accounts were compromised. Analysis showed that the most popular password used on those accounts was, you guessed it: 123456.

2. Close the dictionary.

Using a word or phrase in your password might seem like a good idea because those tend to be easier to remember, but passwords with words in them are notoriously easy to crack. Automated “dictionary attacks” can crack your password by endlessly attempting to log in to your account using likely possibilities. With such a tool, hackers can access your account information without having to lift a finger.

3. Be “symbolic.”

Using special characters and other symbols in your passwords is a great way to strengthen them against attack. Try a combination of letters, numbers and symbols to make the strongest passwords possible. Don’t, however, use symbols to represent letters (e.g., “pa$$word”); word-replacement programs can identify them. “!7hr2$RD” is a better example of a strong mixed password.

4. New website, new password

Everyone knows that it’s a bad idea to use the same password for multiple accounts, but we all do it anyway. With countless new social media applications and websites coming out every day, the reality of remembering dozens of separate passwords can seem daunting. If you use only one password for all of your Web applications, however, it takes only one hacked account to compromise all of them. So how can you create unique, memorable passwords for each account? By remembering these tips for how to pick a strong password and protect your privacy.

5. Remember your mnemonic drills.

You probably learned about mnemonics when you were in elementary school, but here’s a refresher. One type of mnemonic associates the letters of a word with whatever you’re trying to remember (e.g., ROY G. BIV helps you remember the colors of the rainbow). By reversing this process, you can make a password that’s nearly impossible to crack. For example, the phrase “Barack Obama was elected president in 2008!” becomes the password, “BOwepi2008!” Better yet, you can use contextually similar mnemonics for all of your accounts, cutting down on the difficulty of remembering multiple passwords.

6. Log in manually every time.

Many websites allow you to save your password so that you can automatically log in the next time you visit the website. As tempting as this is, you should take the extra 10 seconds to log in manually. There’s no telling who might access your computer while you’re away; do you really want your email exposed to anyone who uses your computer?

7. Change it up.

Think of your password like you think of your food: The longer it sits out, the more likely it is to make you sick. Change your passwords at least twice a year, though changing them more frequently is the best way to ensure maximum security.

8. No names

Don’t use names in your password. Oh, and I mean don’t use any names. If you use publicly available names — like your spouse, sister or even your pet — as your passwords, it won’t take long for someone to try them out. Your best bet is to leave all personally identifiable information out of your passwords.
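
The checks from tips 1, 2, 3 and 8 can be written as a small screening function that a sign-up form might run before accepting a password. This is an added example, not part of the original article; the word list, the symbol-to-letter table and the function name `weaknesses` are constructed for illustration.

```python
# Constructed sample list; a real checker would load a full dictionary
# and a list of passwords seen in breaches.
COMMON_WORDS = ("password", "dragon", "monkey", "sunshine", "welcome")

# Symbol-for-letter swaps that word-replacement tools undo (tip 3).
# This table is an assumption; real tools use larger ones.
SWAPS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                       "3": "e", "!": "i", "5": "s", "7": "t"})


def weaknesses(password, personal_names=()):
    """Return the reasons a password fails tips 1, 2, 3 and 8.

    An empty list means none of these checks fired.
    """
    problems = []

    # Tip 1: numbers are good, numbers alone are not.
    if password.isdigit():
        problems.append("digits only")

    # Tip 3: combine letters, numbers and symbols.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("does not mix letters, numbers and symbols")

    lowered = password.lower()
    # Undo the swaps first, so "pa$$word" is compared as "password".
    plain = lowered.translate(SWAPS)

    # Tip 2: dictionary words, including ones disguised with symbols.
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
        elif word in plain:
            problems.append(f"contains disguised dictionary word '{word}'")

    # Tip 8: names of a spouse, sister, pet and so on.
    for name in personal_names:
        if name and (name.lower() in lowered or name.lower() in plain):
            problems.append(f"contains personal name '{name}'")

    return problems
```

An empty result only means these four checks passed; it does not measure how long it would take to guess the password.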

9. Don’t take the bait.

Phishing is a fraud that affects millions of innocent people every year. The way phishers operate is by posing as a trusted contact (usually a bank or other financial institution) and then asking users to verify their account information.

Rather than going to the actual website of the institution, however, users are sent to a phony website that captures their log-in and password credentials. You should always be suspicious of an email that asks you to confirm or authenticate your account information. If you sense something isn’t right, call the institution and speak to someone. They’ll be able to verify the situation. Know how to pick a strong password and protect your privacy.